JavaScript must be enabled in order for you to use Knowledgebase Manager Pro. However, it seems JavaScript is either disabled or not supported by your browser. To use Knowledgebase Manager Pro, enable JavaScript by changing your browser options, then try again.
Learn more.

Introduction

BIND 9.9.5-P1 is a patch release for BIND 9.9 which includes changes to address GCC optimization issues described in ISC Operational Notification https://kb.isc.org/article/AA-01167 as well as patches for a small number of other issues.

This document summarizes features added or significantly changed since the previous major release, BIND 9.9.4. Changes marked with '**' have been added since the previous release, 9.9.5.Please see the CHANGES file in the source code release for a complete list of all changes.

Download

The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/.
There you will find additional information about each release, source
code, and pre-compiled versions for Microsoft Windows operating systems.

Security Fixes

Treat
an all zero netmask as invalid when generating the localnets acl to
workaround bug on Windows platform. [CVE-2013-6230] [RT #34687]

Fix
crashes when serving some NSEC3 signed zones. memcpy was incorrectly
called with overlapping ranges, resulting in malformed names being
generated on some platforms. This could cause INSIST failures. (CVE
2014-0591) [RT #35120]

Features Changes

Add the ability to specify ndots to "nslookup". [RT #34711]

Introduce
a new tool "dnssec-importkey" to allow externally-generated DNSKEY to
be imported into the DNSKEY management framework. [RT #34698]

Check that EDNS subnet client options are well formed. [RT #34718]

"named" now preserves the capitalization of names when responding to queries. [RT #34737]

Include a comment in .nzf files (used for adding new zones via "rndc"), giving the name of the associated view. [RT #34765]

named will now warn when a zone's configured "key-directory" does not exist or is not a directory. [RT #35108]

Added
improvements to statistics channel XSL stylesheet: the stylesheet can
now be cached by the browser; section headers are omitted from the stats
display when there is no data in those sections to be displayed;
counters are now right-justified for easier readability. (Only available
with ./configure --enable-newstats.) [RT #35117]

"named-checkconf" can now obscure shared secrets when printing by specifying '-x'. [RT #34465]

The
export-library API call for loading "resolv.conf", irs_resconf_load(),
has been modified to return ISC_R_FILENOTFOUND when the file does not
exist and initializes the resconf structure as if the file had existed
and configured with nameservers at the localhost addresses (127.0.0.1
and ::1). [RT #35194]

Bug Fixes

Don't call qsort with a null pointer and disable GCC 4.9 "delete
null pointer check". This fixes problems when using GNU GCC 4.9.0 where
its compiler code optimizations may cause crashes in BIND. For more information, see the operational advisory at https://kb.isc.org/article/AA-01167/. [RT #35968] **

Improve Linux portability for libcap support. [RT #35387] **

Fix
a bug that prevented the dig, nslookup, and host utilities from exiting
properly after completing a UDP query. [RT #35288] **

Treat type 65533 (KEYDATA) as opaque except when used in a key zone. [RT #34238]

Fix
"host" and "nslookup" so don't need dot after the domain by checking
ndots when searching. Only continue searching on NXDOMAIN responses. [RT
#34711]

Prevent a theoretically possible race and crash when obtaining a socket in dispatch.c [RT #35128]

Use built-in versions of strptime() and timegm() on all platforms to avoid portability issues. [RT #35183]

Fix
a bug which could cause a crash when running "rndc reconfig" or "rndc
reload" after configuration is changed from regular zones to automatic
empty zones. [RT #35177]

Thank You

Thank
you to everyone who assisted us in making this release possible. If you
would like to contribute to ISC to assist us in continuing to make
quality open source software, please visit our donations page at http://www.isc.org/donate/.